[MPlayer-dev-eng] [PATCH] fix SAMI parsing
Howard Chu
hyc at highlandsun.com
Mon Jun 7 08:18:38 CEST 2010
Reimar Döffinger wrote:
> On Sun, Jun 06, 2010 at 07:24:46PM -0400, hyc at highlandsun.com wrote:
>> On Mon, Jun 07, 2010 at 12:26:33AM +0200, Reimar D?ffinger wrote:
>>> On Sun, Jun 06, 2010 at 02:51:29PM -0700, Howard Chu wrote:
>>>
>>>> + uint32_t c = strtol(s+2,&s, 0);
>>>> + uint8_t tmp;
>>>> + PUT_UTF8(c, tmp, *p++ = tmp;)
>>>> + if (*s == ';') s++; }
>>>
>>> I'm sorry, but I think you'll have to somehow "prove"
>>> this is not a security issue.
>>> Checking and documenting that PUT_UTF8 will never write
>>> more than we read might be possible.
>>> Or just "blindly" checking we still have at least 8 bytes
>>> free should do as well.
>>
>> Not necessary. Decimal numbers encode only 3.25 bits per byte, while UTF-8 encodes 7 bits per byte. This conversion will always fit.
>
> Given that 3.25 bits just don't exist, it obviously is not that easy.
> And you forgot another case as well: negative numbers.
> This kind of thing just can't be done hand-wavy like that, or you'll
> always miss a case.
Fair enough. We can borrow from libldap/utf-8.c:
#define LDAP_UCS_UTF8LEN(c) \
(c < 0x80 ? 1 : (c < 0x800 ? 2 : (c < 0x10000 ? 3 : \
(c < 0x200000 ? 4 : (c < 0x4000000 ? 5 : 6)))))
and check the remaining buffer length.
Of course, we could just check for a '-' in the string and drop this entity.
Nobody should be using negative character codes.
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
More information about the MPlayer-dev-eng
mailing list